WatchGuard Support Center

Knowledge Base - Article

Article

000003422
 Report spamBlocker false positives or false negatives

Information
How do I report spamBlocker false positives or false negatives?

A false positive email message is a legitimate message that spamBlocker incorrectly identifies as spam. A false negative email message is a spam message that spamBlocker does not correctly identify as spam.

If you find a false positive or false negative email message, you can send us feedback to help improve the spamBlocker service.

Fireware XTM OS on your device uses CYREN (formerly Commtouch), and you can send feedback directly to CYREN. You can also send feedback about a false positive for a solicited bulk email message. This is a message that spamBlocker identifies as bulk email when a user actually requested the email message. 

Do not send a report about a false positive when the email is assigned to the Suspect category. Because this is not a permanent category, CYREN does not investigate error reports for suspected spam.

You must have access to the email message to send a false positive or false negative report to CYREN. You must also know the category (Confirmed Spam or Bulk) into which spamBlocker put the email message. To find the category, you must configure a spamBlocker action to add a subject tag and use a unique sequence of characters to add to the beginning of the email subject line.

To report a false positive or false negative:

  1. Save the email as a .msg or .eml file.
    You cannot forward the initial email message because CYREN needs the email header. If you use email software such as Microsoft Outlook or Mozilla Thunderbird, you can drag and drop the email message into a computer desktop folder. If you use email software that does not have drag-and-drop functionality, you must select File > Save As to save the email message to a folder.
  2. Create a new email message addressed to:
    reportfp@blockspam.biz for false positives
    reportfn@blockspam.biz for false negatives
    reportso@blockspam.biz for false positive solicited bulk email
  3. Type the following in the subject line of your email message:
    FP Report <Your Company Name> <Date of submission> for false positives
    FN Report <Your Company Name> <Date of submission> for false negatives
    FP Report <Your Company Name> <Date of submission> for false positive solicited bulk email
  4. Attach the .msg or .eml file to the email message and send the message.

If you have many messages to send to CYREN, you can put them all into one Zip file. Do not put the Zip file into a Zip archive. The Zip file can be compressed to only one level for CYREN to analyze it automatically.

Report feedback about a confidential message

If you want to send a report to CYREN but you cannot send the initial email message because the information in the message is confidential, you can use the RefID record from the email header instead. The RefID record is the reference number for the transaction between the Firebox and the CYREN Detection Center.

spamBlocker adds an X-WatchGuard-Spam-ID header to each email. The header looks like this:
X-WatchGuard-Spam-ID: 0001.0A090202.43674BDF.0005-G-gg8BuArWNRyK9/VKO3E51A==
The long sequence of numbers and letters after X-WatchGuard-Spam-ID: part of the header is the RefID record.

Instead of attaching the initial email, put the RefID record in the body of your email message. If you have more than one email message you want to send a report about, put each RefID record on a separate line.

To see email headers if you use Microsoft Outlook:

  1. Open the email message in a new window or select it in Outlook.
  2. If you open the email in a separate window, select View > Options.
    If you highlight the email in Outlook, right-click the email message and select Options.
    The headers appear at the bottom of the Message Options window.

To see email headers if you use Microsoft Outlook Express:

  1. Open the email message in a new window or highlight it in Outlook Express.
  2. If you open the email in a separate window, select File > Properties.
    If you highlight the email in Outlook Express, right-click the email and select Properties.
  3. Click the Details tab to view the headers.